Description
The Kong Gateway provides API for accessing various information and configuring it. Acunetix determined that it was possible to access this API without authentication.
Remediation
Restrict access to the Kong Gateway API interface
Related Vulnerabilities
Opencart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3763)
Elasticsearch service accessible
PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-46158)
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.13)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-4403)